6 Replies Latest reply on May 28, 2006 9:02 AM by James Rhodes

    getting the role name after form login

    James Rhodes Newbie

      I apologize if this is dumb, but I'm sucessfully logging in with the DatabaseLoginModule, but now how do I get the name of the role? I want to display the role name on the web page. I know I can get the userid from request.getUserPrincipal().getName() but should I use this and is there something similar for getting the authenticated user's role? Thanks for the help,

      Bob

        • 1. Re: getting the role name after form login
          chris griffith Expert

          Bob,

          It is O.K. to use request.getUserPrincipal to get your userid. However, there is no Java EE standard for getting the user's role. You can ask if the user is in a certain role using request.isUserInRole(). JBoss does offer the ability to get to the authenticated Subject via a JNDI lookup. I think the name is "java:/jaas/your_securit_domain/subject", but I am not positive and I can't remember where I read that.

          later, cgriffith

          • 2. Re: getting the role name after form login
            Anil Saldanha Master

            There is a JBoss specific way of doing this.

            //Get the Authenticated Subject
            Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
            
            //Now look for a Group called Roles
            Set principals = subject.getPrincipals(Principal.class);
            Iterator iter = principals.iterator();
            while(iter.hasNext())
            {
             Principal p = (Principal)iter.next;
             if(p instanceof SimpleGroup)
             {
             SimpleGroup sg = (SimpleGroup)p;
             if("Roles".equals(sg.getName())
             //we got the roles
             }
            }
            


            The flip side is that this gives all the roles the user belongs to.

            • 3. Re: getting the role name after form login
              James Rhodes Newbie

              Thanks so much for the replies. I'll try them out asap.

              B

              • 4. Re: getting the role name after form login
                Anil Saldanha Master

                With a recent use of the JBossGenericPrincipal as the holder of the roles, I am unsure if my earlier approach holds good. If JGP is the answer, then you will need a custom valve to get hold of the JGP from the catalina request object.

                • 5. Re: getting the role name after form login
                  James Rhodes Newbie

                  This code seems to work:

                  private void findRole() throws PolicyContextException {

                  // Get the Authenticated Subject
                  Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");

                  // Now look for a Group called Roles
                  Set principals = subject.getPrincipals(Principal.class);
                  Iterator iter = principals.iterator();
                  while(iter.hasNext()) {
                  Principal p = (Principal)iter.next();
                  if(p instanceof SimpleGroup) {
                  SimpleGroup sg = (SimpleGroup)p;
                  if("Roles".equals(sg.getName())) {
                  Enumeration en = sg.members();
                  while(en.hasMoreElements()) {
                  String role = en.nextElement().toString();
                  if(role != null) {
                  setRole(role);
                  }
                  }
                  }
                  }
                  }
                  }

                  • 6. Re: getting the role name after form login
                    James Rhodes Newbie

                    Does anyone think this code is off-base? It seemed to me that the only way to get the role, once the correct group was discovered, was to loop over the Enumeration of members. For me this will be ok since the users of my app won't have multiple roles assigned to them. Unless someone has a better way or there is a problem with this, I'm going to use it for now. Thanks again for the replies and help.

                    B